Module Name:    src
Committed By:   nia
Date:           Fri Dec 10 20:06:29 UTC 2021

Modified Files:
        src/usr.sbin/user: user.c

Log Message:
useradd(8): Recognize Argon2 passwords as "valid" when they are given
on the command line.

Reported by Robert Nestor on current-users@.


To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 src/usr.sbin/user/user.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/user/user.c
diff -u src/usr.sbin/user/user.c:1.133 src/usr.sbin/user/user.c:1.134
--- src/usr.sbin/user/user.c:1.133	Mon Jul 29 09:33:21 2019
+++ src/usr.sbin/user/user.c	Fri Dec 10 20:06:29 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: user.c,v 1.133 2019/07/29 09:33:21 wiz Exp $ */
+/* $NetBSD: user.c,v 1.134 2021/12/10 20:06:29 nia Exp $ */
 
 /*
  * Copyright (c) 1999 Alistair G. Crooks.  All rights reserved.
@@ -33,7 +33,7 @@
 #ifndef lint
 __COPYRIGHT("@(#) Copyright (c) 1999\
  The NetBSD Foundation, Inc.  All rights reserved.");
-__RCSID("$NetBSD: user.c,v 1.133 2019/07/29 09:33:21 wiz Exp $");
+__RCSID("$NetBSD: user.c,v 1.134 2021/12/10 20:06:29 nia Exp $");
 #endif
 
 #include <sys/types.h>
@@ -934,6 +934,9 @@ typedef struct passwd_type_t {
 } passwd_type_t;
 
 static passwd_type_t	passwd_types[] = {
+	{ "$argon2i",	8,	SIZE_MAX,	"\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 },	/* Argon2i */
+	{ "$argon2id",	9,	SIZE_MAX,	"\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 },	/* Argon2id */
+	{ "$argon2d",	8,	SIZE_MAX,	"\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 },	/* Argon2id */
 	{ "$sha1",	5,	28,	"\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 },	/* SHA1 */
 	{ "$2a",	3,	53,	"\\$[^$]+\\$[^$]+\\$(.*)",	1 },	/* Blowfish */
 	{ "$1",		2,	34,	NULL,				0 },	/* MD5 */
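Review bot: The three new rows match on a bare prefix without the closing `$`, so `"$argon2i"` with length 8 also matches every `$argon2id...` string and any other identifier that merely begins with those eight characters. As far as the visible loop shows, the `$argon2id` row never changes the outcome, because the earlier row has the same regex and the same `SIZE_MAX` length. Including the delimiter in the prefix, for example `{ "$argon2id$", 10, SIZE_MAX, ... }` and `{ "$argon2i$", 9, SIZE_MAX, ... }`, would make each row select exactly one variant. The comment on the `$argon2d` row reads `/* Argon2id */` and should be `/* Argon2d */`. The rest of `passwd_types`, including its terminator, lies outside this hunk.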
@@ -953,14 +956,16 @@ valid_password_length(char *newpasswd)
 	for (pwtp = passwd_types; pwtp->desc_length != (size_t)~0; pwtp++) {
 		if (strncmp(newpasswd, pwtp->type, pwtp->desc_length) == 0) {
 			if (pwtp->regex == NULL) {
-				return strlen(newpasswd) == pwtp->length;
+				return pwtp->length == SIZE_MAX ||
+				    strlen(newpasswd) == pwtp->length;
 			}
 			(void)regcomp(&r, pwtp->regex, REG_EXTENDED);
 			if (regexec(&r, newpasswd, 10, matchv, 0) == 0) {
 				regfree(&r);
-				return (int)(matchv[pwtp->re_sub].rm_eo -
-				    matchv[pwtp->re_sub].rm_so) ==
-				    pwtp->length;
+				return pwtp->length == SIZE_MAX ||
+				    (int)(matchv[pwtp->re_sub].rm_eo -
+					matchv[pwtp->re_sub].rm_so) ==
+					pwtp->length;
 			}
 			regfree(&r);
 		}
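Review bot: When `pwtp->length == SIZE_MAX`, the return in the regex branch accepts any match, and the Argon2 pattern is unanchored and ends in `(.*)`, so a string with an empty or truncated tail after the fourth `$` is reported as a valid hash. The usual Argon2 encoding carries version, parameter, salt and hash fields, so the capture spans `salt$hash` and an entry with the hash missing would also pass. The caller presumably stores an accepted string as the password hash unchanged, which would silently leave an unusable credential. For the `SIZE_MAX` case, consider at least requiring a non-empty capture, `matchv[pwtp->re_sub].rm_eo > matchv[pwtp->re_sub].rm_so`, or giving Argon2 its own anchored pattern, and document the sentinel with `/* length SIZE_MAX: variable-length hash, only the regex is checked */`. The `SIZE_MAX` test added to the `regex == NULL` branch is not reached by any row this commit adds, and `valid_password_length` begins and ends outside the hunk.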
